(From left to right) UBS' Christian Karam, Sudhir Panda, SIT's Steven Wong, and SMU's Lau Kai Cheong at Computerworld Singapore Security Summit 2017 panel discussion
Ransomware has been a highly discussed topic by IT professionals and a bugging issue in the security landscape for years. The topic once again rose to prominence due to the recent WannaCry attack.
But ransomware is only one area of cybersecurity that IT/security professionals need to worry about.
"Insider threats is [another area] which needs to be addressed across organisations", said Sudhir Panda, associate director, digital analytics, at a financial institution, during the panel discussion at the Computerworld Singapore Security Summit 2017.
"A lot of employees are not aware how to make data more secure. [Even if] there are mandatory trainings to ensure employees have some sort of awareness, there is no follow up once the training is over. So what [IT/cybersecurity teams] need to do is to use data to constantly monitor and engage employees to make sure they give inputs so that we can improve our security processes," he added.
Agreeing with him, Steven Wong, associate professor and programme director at Singapore Institute of Technology suggested "creating awareness at a young age to drive security as a habit." He said that doing so will help solve certain security problems so that they will not recur in future.
When asked how IT/cybersecurity teams can strengthen their cyberdefence in general, Lau Kai Cheong, chief information officer, Singapore Management University (SMU), suggested using artificial intelligence and advanced analytics to spot advanced persistent threats (APTs) and malware hidden in the networks.
Meanwhile, Christian Karam, director of Cyber Threat Intelligence, UBS, highlighted the importance of patching systems and/or replacing outdated machines with newer ones to decrease the chances of being hacked.
Karam and Panda also encouraged IT and cybersecurity teams to continue educating internal employees about cybersecurity. They can do so by deploying fake phishing emails or through gamification.
As for Wong, he strongly urged IT and cybersecurity teams to ensure that they have an effective incident response plan because getting breach is beyond control.
Other stories from the Computerworld Security Summit Series 2017:
- [Singapore] GlaxoSmithKline's Winston Chew: What is Singapore doing to step up its cybersecurity game plan?
- [Singapore] UBS' Christian Karam: How has ransomware evolved over the years?
- [Singapore] GovTech's Chai Chin Loon: Adopt security-by-design mindset to combat new cybersecurity threats
- [Singapore] Singapore Institute of Technology's Steven Wong: How Asian organisations can develop an effective incident response plan
- [Singapore] Defending against the new wave of cybersecurity threats
- [Singapore] Singapore Fintech Association's Chia Hock Lai: Why should security professionals pay attention to the rise of fintech?
- [Singapore] How Asian organisations can avoid becoming WannaCry’s next prey
- [Malaysia] Combatting cyberattacks with a strategic mindset
- [Philippines] DICT's Allan Cabanlong shares Philippines' cybersecurity game plan
- [Philippines] Jollibee's Frank Vibar: Why Digital Risk Officers are necessary for digital transformation
- [Philippines] Asian Development Bank's Alain Duminy: Taking a bi-modal approach to IT governance
- [Philippines] How IT leaders can get everyone involved in cybersecurity
Sign up for CIO Asia eNewsletters.